Skip to content

Commit

Permalink
Merge "Make user creation optional when creating service."
Browse files Browse the repository at this point in the history
  • Loading branch information
@openstack-gerrit
Jenkins authored and openstack-gerrit committed Sep 30, 2014
2 parents a4fb2d2 + c0f463c commit 11ec661
Show file tree
Hide file tree
Showing 2 changed files with 85 additions and 26 deletions.
68 changes: 42 additions & 26 deletions manifests/keystone/auth.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,13 @@
# [*configure_endpoint*]
# Should Neutron endpoint be configured? Defaults to 'true'.
#
# [*configure_user*]
# Should the Neutron service user be configured? Defaults to 'true'.
#
# [*configure_user_role*]
# Should the admin role be configured for the service user?
# Defaults to 'true'.
#
# [*service_name*]
# Name of the service. Defaults to the value of auth_name.
#
Expand Down Expand Up @@ -54,21 +61,23 @@
#
class neutron::keystone::auth (
$password,
$auth_name = 'neutron',
$email = 'neutron@localhost',
$tenant = 'services',
$configure_endpoint = true,
$service_name = undef,
$service_type = 'network',
$public_protocol = 'http',
$public_address = '127.0.0.1',
$admin_protocol = 'http',
$admin_address = '127.0.0.1',
$internal_protocol = 'http',
$internal_address = '127.0.0.1',
$port = '9696',
$public_port = undef,
$region = 'RegionOne'
$auth_name = 'neutron',
$email = 'neutron@localhost',
$tenant = 'services',
$configure_endpoint = true,
$configure_user = true,
$configure_user_role = true,
$service_name = undef,
$service_type = 'network',
$public_protocol = 'http',
$public_address = '127.0.0.1',
$admin_protocol = 'http',
$admin_address = '127.0.0.1',
$internal_protocol = 'http',
$internal_address = '127.0.0.1',
$port = '9696',
$public_port = undef,
$region = 'RegionOne'
) {

if $service_name == undef {
Expand All @@ -77,25 +86,32 @@
$real_service_name = $service_name
}

Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'neutron-server' |>
Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'neutron-server' |>

if ! $public_port {
$real_public_port = $port
} else {
$real_public_port = $public_port
}

keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'neutron-server' |>

if $configure_user {
keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
}
}
keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => 'admin',

if $configure_user_role {
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'neutron-server' |>

keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => 'admin',
}
}

keystone_service { $real_service_name:
ensure => present,
type => $service_type,
Expand Down
43 changes: 43 additions & 0 deletions spec/classes/neutron_keystone_auth_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,4 +132,47 @@

end

describe 'when disabling user configuration' do

let :params do
{
:password => 'neutron_password',
:configure_user => false
}
end

it { should_not contain_keystone_user('neutron') }

it { should contain_keystone_user_role('neutron@services') }

it { should contain_keystone_service('neutron').with(
:ensure => 'present',
:type => 'network',
:description => 'Neutron Networking Service'
) }

end

describe 'when disabling user and user role configuration' do

let :params do
{
:password => 'neutron_password',
:configure_user => false,
:configure_user_role => false
}
end

it { should_not contain_keystone_user('neutron') }

it { should_not contain_keystone_user_role('neutron@services') }

it { should contain_keystone_service('neutron').with(
:ensure => 'present',
:type => 'network',
:description => 'Neutron Networking Service'
) }

end

end

0 comments on commit 11ec661

Please sign in to comment.